AzeoTech DAQFactory

MonitorCVSS 7.8ICS-CERT ICSA-26-169-02Jun 18, 2026

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

DAQFactory versions 21.1 and earlier contain a vulnerability that allows arbitrary code execution through malicious .ctl (control) files. Successful exploitation occurs when a user opens a crafted .ctl file, which could lead to code execution with the privileges of the DAQFactory process. The vulnerability is exploitable via social engineering delivery of malicious files.

What this means

What could happen

An attacker could trick a user into opening a malicious .ctl file in DAQFactory, leading to arbitrary code execution on the system where DAQFactory is running. This could allow the attacker to alter control logic, disable alarms, or shut down critical processes.

Who's at risk

DAQFactory users in any industry who load control files (.ctl) for SCADA, process monitoring, or data acquisition systems. This includes operators at water utilities, power plants, chemical plants, and manufacturing facilities. Primary concern is for systems where DAQFactory runs on engineering workstations or operator consoles with access to PLCs or process equipment.

How it could be exploited

An attacker crafts a malicious .ctl file and tricks a user into opening it in DAQFactory (social engineering via email or file sharing). When the file is loaded, the vulnerability allows arbitrary code to execute with the privileges of the DAQFactory user. No special network access is required; the attack is local but delivered remotely.

Prerequisites

User interaction required: a DAQFactory operator must open a malicious .ctl file from an untrusted source
DAQFactory version 21.1 or earlier
No special credentials or network access required

No authentication requiredLow complexityUser interaction required (file opening)Arbitrary code execution possibleAffects control system engineering workstations

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

DAQFactory≤ 21.1No fix yet

Remediation & Mitigation

0/5

Do now

0/3

WORKAROUNDDo not open .ctl files from unknown or untrusted sources. Verify the origin of all DAQFactory control files before loading them.

HARDENINGRestrict write permissions on the folder where .ctl files are stored to admin-level users only to prevent unauthorized modification.

WORKAROUNDUse DAQFactory 'Safe Mode' when loading any .ctl files that have been outside your direct control or from external sources.

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGApply a document editing password to all DAQFactory documents to prevent unauthorized modification.

HOTFIXMonitor for and apply any patches released by AzeoTech for DAQFactory versions 21.1 and earlier.

CVEs (1)

CVE-2026-12390

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7205ec8f-3b5c-4ffd-b4d5-a24b31ba49f9

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.